BS ISO/IEC TR 15947:2002
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
Information technology. Security techniques. IT intrusion detection framework
Hardcopy , PDF
01-01-2012
English
11-11-2002
1 Scope
2 References
3 Terms and Definitions
4 Introduction to Intrusion Detection
4.1 The Need for Intrusion Detection
4.2 Types of Attacks
4.2.1 Host-based Attacks
4.2.2 Network-based Attacks
5 Generic Model of Intrusion Detection Process
5.1 Data Sources
5.2 Event Detection
5.3 Analysis
5.4 Response
5.5 Data Storage
6 Characteristics of Intrusion Detection
6.1 Data Source
6.1.1 Host-based
6.1.2 Network-based
6.2 Event Detection and Analysis Frequency
6.2.1 Continuous/Near Real-Time
6.2.2 Periodically/Batch Processed
6.2.3 Initiated Only Under Special Circumstances
6.3 Intrusion Detection Analysis
6.3.1 Misuse-based
6.3.2 Anomaly-based
6.4 Response Behavior
6.4.1 Passive
6.4.2 Active
7 Architecture Considerations
8 Management of an IDS
8.1 Configuration Management
8.1.1 Detection Function
8.1.2 Response Function
8.2 Security Services Management
8.3 Integration with Other Management Systems
8.4 Security of Management Operations
8.4.1 Authentication
8.4.2 Integrity
8.4.3 Confidentiality
8.4.4 Availability
8.5 Management Model
9 Intrusion Detection Analysis
9.1 Signature Analysis
9.2 Statistical Approach
9.3 Expert Systems
9.4 State-transition Analysis
9.5 Neural Networks
9.6 User Anomalous Behavior Identification
9.7 Hybrid Analysis
9.8 Other
10 Implementation and Deployment Issues
10.1 Efficiency
10.2 Functionality
10.3 Personnel for IDS Deployment and Operation
10.4 Other Implementation Considerations
11 Intrusion Detection Issues
11.1 Intrusion Detection and Privacy
11.2 Sharing of data on intrusions
11.3 Future Standardization
12 Summary
Bibliography
Specifies framework for detection of intrusions in IT systems. Many classes of intrusions are considered. These include intrusions that are intentional or unintentional, legal or illegal, harmful or harmless and unauthorized access by insiders or outsiders.
Committee |
IST/33
|
DocumentType |
Standard
|
Pages |
32
|
PublisherName |
British Standards Institution
|
Status |
Withdrawn
|
Standards | Relationship |
ISO/IEC TR 15947:2002 | Identical |
ISO/IEC 10181-7:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Security audit and alarms framework |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.